wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

make encryption configurable for home storage

Browse source
This commit is contained in:
Bjoern Schiessle 2015-10-13 17:54:06 +02:00 committed by Björn Schießle
parent d7d5a3bab5
commit 5fad45b230
11 changed files with 247 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
apps/encryption/appinfo/application.php
View file

@ -201,7 +201,8 @@ class Application extends \OCP\AppFramework\App {
$c->query('KeyManager'), $c->query('KeyManager'),
$c->query('Crypt'), $c->query('Crypt'),
$c->query('Session'), $c->query('Session'),
$server->getSession() $server->getSession(),
$c->query('Util')
); );
}); });

5
apps/encryption/appinfo/routes.php
View file

@ -35,6 +35,11 @@ namespace OCA\Encryption\AppInfo;
'url' => '/ajax/updatePrivateKeyPassword', 'url' => '/ajax/updatePrivateKeyPassword',
'verb' => 'POST' 'verb' => 'POST'
], ],
[
'name' => 'Settings#setEncryptHomeStorage',
'url' => '/ajax/setEncryptHomeStorage',
'verb' => 'POST'
],
[ [
'name' => 'Recovery#changeRecoveryPassword', 'name' => 'Recovery#changeRecoveryPassword',
'url' => '/ajax/changeRecoveryPassword', 'url' => '/ajax/changeRecoveryPassword',

21
apps/encryption/controller/settingscontroller.php
View file

@ -25,6 +25,7 @@ namespace OCA\Encryption\Controller;
use OCA\Encryption\Crypto\Crypt; use OCA\Encryption\Crypto\Crypt;
use OCA\Encryption\KeyManager; use OCA\Encryption\KeyManager;
use OCA\Encryption\Session; use OCA\Encryption\Session;
use OCA\Encryption\Util;
use OCP\AppFramework\Controller; use OCP\AppFramework\Controller;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\DataResponse;
@ -57,6 +58,9 @@ class SettingsController extends Controller {
/** @var ISession */ /** @var ISession */
private $ocSession; private $ocSession;
/** @var Util */
private $util;
/** /**
* @param string $AppName * @param string $AppName
* @param IRequest $request * @param IRequest $request
@ -67,6 +71,7 @@ class SettingsController extends Controller {
* @param Crypt $crypt * @param Crypt $crypt
* @param Session $session * @param Session $session
* @param ISession $ocSession * @param ISession $ocSession
* @param Util $util
*/ */
public function __construct($AppName, public function __construct($AppName,
IRequest $request, IRequest $request,
@ -76,7 +81,9 @@ class SettingsController extends Controller {
KeyManager $keyManager, KeyManager $keyManager,
Crypt $crypt, Crypt $crypt,
Session $session, Session $session,
ISession $ocSession) { ISession $ocSession,
Util $util
) {
parent::__construct($AppName, $request); parent::__construct($AppName, $request);
$this->l = $l10n; $this->l = $l10n;
$this->userSession = $userSession; $this->userSession = $userSession;
@ -85,6 +92,7 @@ class SettingsController extends Controller {
$this->crypt = $crypt; $this->crypt = $crypt;
$this->session = $session; $this->session = $session;
$this->ocSession = $ocSession; $this->ocSession = $ocSession;
$this->util = $util;
} }
@ -143,4 +151,15 @@ class SettingsController extends Controller {
} }
} }
/**
* @UseSession
*
* @param bool $encryptHomeStorage
* @return DataResponse
*/
public function setEncryptHomeStorage($encryptHomeStorage) {
$this->util->setEncryptHomeStorage($encryptHomeStorage);
return new DataResponse();
}
} }

9
apps/encryption/js/settings-admin.js
View file

@ -76,4 +76,13 @@ $(document).ready(function () {
}); });
}); });
$('#encryptHomeStorage').change(function() {
$.post(
OC.generateUrl('/apps/encryption/ajax/setEncryptHomeStorage'),
{
encryptHomeStorage: this.checked
}
);
});
}); });

6
apps/encryption/lib/crypto/encryption.php
View file

@ -378,6 +378,12 @@ class Encryption implements IEncryptionModule {
* @return boolean * @return boolean
*/ */
public function shouldEncrypt($path) { public function shouldEncrypt($path) {
if ($this->util->shouldEncryptHomeStorage() === false) {
$storage = $this->util->getStorage($path);
if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
return false;
}
}
$parts = explode('/', $path); $parts = explode('/', $path);
if (count($parts) < 4) { if (count($parts) < 4) {
return false; return false;

42
apps/encryption/lib/util.php
View file

@ -94,11 +94,40 @@ class Util {
$recoveryMode = $this->config->getUserValue($uid, $recoveryMode = $this->config->getUserValue($uid,
'encryption', 'encryption',
'recoveryEnabled', 'recoveryEnabled',
0); '0');
return ($recoveryMode === '1'); return ($recoveryMode === '1');
} }
/**
* check if the home storage should be encrypted
*
* @return bool
*/
public function shouldEncryptHomeStorage() {
$encryptHomeStorage = $this->config->getAppValue(
'encryption',
'encryptHomeStorage',
'1'
);
return ($encryptHomeStorage === '1');
}
/**
* check if the home storage should be encrypted
*
* @param bool $encryptHomeStorage
*/
public function setEncryptHomeStorage($encryptHomeStorage) {
$value = $encryptHomeStorage ? '1' : '0';
$this->config->setAppValue(
'encryption',
'encryptHomeStorage',
$value
);
}
/** /**
* check if master key is enabled * check if master key is enabled
* *
@ -157,4 +186,15 @@ class Util {
return $owner; return $owner;
} }
/**
* get storage of path
*
* @param string $path
* @return \OC\Files\Storage\Storage
*/
public function getStorage($path) {
$storage = $this->files->getMount($path)->getStorage();
return $storage;
}
} }

15
apps/encryption/settings/settings-admin.php
View file

@ -25,12 +25,27 @@
$tmpl = new OCP\Template('encryption', 'settings-admin'); $tmpl = new OCP\Template('encryption', 'settings-admin');
$crypt = new \OCA\Encryption\Crypto\Crypt(
\OC::$server->getLogger(),
\OC::$server->getUserSession(),
\OC::$server->getConfig());
$util = new \OCA\Encryption\Util(
new \OC\Files\View(),
$crypt,
\OC::$server->getLogger(),
\OC::$server->getUserSession(),
\OC::$server->getConfig(),
\OC::$server->getUserManager());
// Check if an adminRecovery account is enabled for recovering files after lost pwd // Check if an adminRecovery account is enabled for recovering files after lost pwd
$recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled', '0'); $recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled', '0');
$session = new \OCA\Encryption\Session(\OC::$server->getSession()); $session = new \OCA\Encryption\Session(\OC::$server->getSession());
$encryptHomeStorage = $util->shouldEncryptHomeStorage($user);
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('initStatus', $session->getStatus()); $tmpl->assign('initStatus', $session->getStatus());
$tmpl->assign('encryptHomeStorage', $encryptHomeStorage);
return $tmpl->fetchPage(); return $tmpl->fetchPage();

103
apps/encryption/templates/settings-admin.php
View file

@ -9,56 +9,63 @@ style('encryption', 'settings-admin');
<?php if(!$_["initStatus"]): ?> <?php if(!$_["initStatus"]): ?>
<?php p($l->t("Encryption App is enabled but your keys are not initialized, please log-out and log-in again")); ?> <?php p($l->t("Encryption App is enabled but your keys are not initialized, please log-out and log-in again")); ?>
<?php else: ?> <?php else: ?>
<p id="encryptionSetRecoveryKey"> <p id="encryptHomeStorageSetting">
<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?> <input type="checkbox" class="checkbox" name="encrypt_home_storage" id="encryptHomeStorage"
<span class="msg"></span> value="1" <?php if ($_['encryptHomeStorage']) print_unescaped('checked="checked"'); ?> />
<br/> <label for="encryptHomeStorage"><?php p($l->t('Encrypt the home storage'));?></label></br>
<em> <em><?php p( $l->t( "Enabling this option encrypts all files stored on the main storage, otherwise only files on external storage will be encrypted" ) ); ?></em>
<?php p($l->t("The recovery key is an extra encryption key that is used to encrypt files. It allows recovery of a user's files if the user forgets his or her password.")) ?> </p>
</em>
<br/>
<input type="password"
name="encryptionRecoveryPassword"
id="encryptionRecoveryPassword"
placeholder="<?php p($l->t("Recovery key password")); ?>"/>
<input type="password"
name="encryptionRecoveryPassword"
id="repeatEncryptionRecoveryPassword"
placeholder="<?php p($l->t("Repeat recovery key password")); ?>"/>
<input type="button"
name="enableRecoveryKey"
id="enableRecoveryKey"
status="<?php p($_["recoveryEnabled"]) ?>"
value="<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>"/>
</p>
<br/><br/>
<p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>>
<?php p($l->t("Change recovery key password:")); ?>
<span class="msg"></span>
<br/>
<input
type="password"
name="changeRecoveryPassword"
id="oldEncryptionRecoveryPassword"
placeholder="<?php p($l->t("Old recovery key password")); ?>"/>
<br /> <br />
<input <p id="encryptionSetRecoveryKey">
type="password" <?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>
name="changeRecoveryPassword" <span class="msg"></span>
id="newEncryptionRecoveryPassword" <br/>
placeholder="<?php p($l->t("New recovery key password")); ?>"/> <em>
<input <?php p($l->t("The recovery key is an extra encryption key that is used to encrypt files. It allows recovery of a user's files if the user forgets his or her password.")) ?>
type="password" </em>
name="changeRecoveryPassword" <br/>
id="repeatedNewEncryptionRecoveryPassword" <input type="password"
placeholder="<?php p($l->t("Repeat new recovery key password")); ?>"/> name="encryptionRecoveryPassword"
id="encryptionRecoveryPassword"
placeholder="<?php p($l->t("Recovery key password")); ?>"/>
<input type="password"
name="encryptionRecoveryPassword"
id="repeatEncryptionRecoveryPassword"
placeholder="<?php p($l->t("Repeat recovery key password")); ?>"/>
<input type="button"
name="enableRecoveryKey"
id="enableRecoveryKey"
status="<?php p($_["recoveryEnabled"]) ?>"
value="<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>"/>
</p>
<br/><br/>
<button <p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>>
type="button" <?php p($l->t("Change recovery key password:")); ?>
name="submitChangeRecoveryKey"> <span class="msg"></span>
<br/>
<input
type="password"
name="changeRecoveryPassword"
id="oldEncryptionRecoveryPassword"
placeholder="<?php p($l->t("Old recovery key password")); ?>"/>
<br />
<input
type="password"
name="changeRecoveryPassword"
id="newEncryptionRecoveryPassword"
placeholder="<?php p($l->t("New recovery key password")); ?>"/>
<input
type="password"
name="changeRecoveryPassword"
id="repeatedNewEncryptionRecoveryPassword"
placeholder="<?php p($l->t("Repeat new recovery key password")); ?>"/>
<button
type="button"
name="submitChangeRecoveryKey">
<?php p($l->t("Change Password")); ?> <?php p($l->t("Change Password")); ?>
</button> </button>
</p> </p>
<?php endif; ?> <?php endif; ?>
</form> </form>

16
apps/encryption/tests/controller/SettingsControllerTest.php
View file

@ -56,6 +56,9 @@ class SettingsControllerTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */ /** @var \PHPUnit_Framework_MockObject_MockObject */
private $ocSessionMock; private $ocSessionMock;
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $utilMock;
protected function setUp() { protected function setUp() {
parent::setUp(); parent::setUp();
@ -106,6 +109,10 @@ class SettingsControllerTest extends TestCase {
$this->sessionMock = $this->getMockBuilder('OCA\Encryption\Session') $this->sessionMock = $this->getMockBuilder('OCA\Encryption\Session')
->disableOriginalConstructor()->getMock(); ->disableOriginalConstructor()->getMock();
$this->utilMock = $this->getMockBuilder('OCA\Encryption\Util')
->disableOriginalConstructor()
->getMock();
$this->controller = new SettingsController( $this->controller = new SettingsController(
'encryption', 'encryption',
$this->requestMock, $this->requestMock,
@ -115,7 +122,8 @@ class SettingsControllerTest extends TestCase {
$this->keyManagerMock, $this->keyManagerMock,
$this->cryptMock, $this->cryptMock,
$this->sessionMock, $this->sessionMock,
$this->ocSessionMock $this->ocSessionMock,
$this->utilMock
); );
} }
@ -234,4 +242,10 @@ class SettingsControllerTest extends TestCase {
$data['message']); $data['message']);
} }
function testSetEncryptHomeStorage() {
$value = true;
$this->utilMock->expects($this->once())->method('setEncryptHomeStorage')->with($value);
$this->controller->setEncryptHomeStorage($value);
}
} }

52
apps/encryption/tests/lib/UtilTest.php
View file

@ -39,6 +39,9 @@ class UtilTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */ /** @var \PHPUnit_Framework_MockObject_MockObject */
private $userManagerMock; private $userManagerMock;
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $mountMock;
/** @var Util */ /** @var Util */
private $instance; private $instance;
@ -65,6 +68,7 @@ class UtilTest extends TestCase {
protected function setUp() { protected function setUp() {
parent::setUp(); parent::setUp();
$this->mountMock = $this->getMock('\OCP\Files\Mount\IMountPoint');
$this->filesMock = $this->getMock('OC\Files\View'); $this->filesMock = $this->getMock('OC\Files\View');
$this->userManagerMock = $this->getMock('\OCP\IUserManager'); $this->userManagerMock = $this->getMock('\OCP\IUserManager');
@ -151,4 +155,52 @@ class UtilTest extends TestCase {
]; ];
} }
/**
* @dataProvider dataTestShouldEncryptHomeStorage
* @param $returnValue return value from getAppValue()
* @param $expected
*/
public function testShouldEncryptHomeStorage($returnValue, $expected) {
$this->configMock->expects($this->once())->method('getAppValue')
->with('encryption', 'encryptHomeStorage', '1')
->willReturn($returnValue);
$this->assertSame($expected,
$this->instance->shouldEncryptHomeStorage());
}
public function dataTestShouldEncryptHomeStorage() {
return [
['1', true],
['0', false]
];
}
/**
* @dataProvider dataTestSetEncryptHomeStorage
* @param $value
* @param $expected
*/
public function testSetEncryptHomeStorage($value, $expected) {
$this->configMock->expects($this->once())->method('setAppValue')
->with('encryption', 'encryptHomeStorage', $expected);
$this->instance->setEncryptHomeStorage($value);
}
public function dataTestSetEncryptHomeStorage() {
return [
[true, '1'],
[false, '0']
];
}
public function testGetStorage() {
$path = '/foo/bar.txt';
$this->filesMock->expects($this->once())->method('getMount')->with($path)
->willReturn($this->mountMock);
$this->mountMock->expects($this->once())->method('getStorage')->willReturn(true);
$this->assertTrue($this->instance->getStorage($path));
}
} }

36
apps/encryption/tests/lib/crypto/encryptionTest.php
View file

@ -55,9 +55,14 @@ class EncryptionTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */ /** @var \PHPUnit_Framework_MockObject_MockObject */
private $l10nMock; private $l10nMock;
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $storageMock;
public function setUp() { public function setUp() {
parent::setUp(); parent::setUp();
$this->storageMock = $this->getMockBuilder('OCP\Files\Storage')
->disableOriginalConstructor()->getMock();
$this->cryptMock = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt') $this->cryptMock = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt')
->disableOriginalConstructor() ->disableOriginalConstructor()
->getMock(); ->getMock();
@ -312,7 +317,17 @@ class EncryptionTest extends TestCase {
* *
* @dataProvider dataTestShouldEncrypt * @dataProvider dataTestShouldEncrypt
*/ */
public function testShouldEncrypt($path, $expected) { public function testShouldEncrypt($path, $shouldEncryptHomeStorage, $isHomeStorage, $expected) {
$this->utilMock->expects($this->once())->method('shouldEncryptHomeStorage')
->willReturn($shouldEncryptHomeStorage);
if ($shouldEncryptHomeStorage === false) {
$this->storageMock->expects($this->once())->method('instanceOfStorage')
->with('\OCP\Files\IHomeStorage')->willReturn($isHomeStorage);
$this->utilMock->expects($this->once())->method('getStorage')->with($path)
->willReturn($this->storageMock);
}
$this->assertSame($expected, $this->assertSame($expected,
$this->instance->shouldEncrypt($path) $this->instance->shouldEncrypt($path)
); );
@ -320,14 +335,17 @@ class EncryptionTest extends TestCase {
public function dataTestShouldEncrypt() { public function dataTestShouldEncrypt() {
return array( return array(
array('/user1/files/foo.txt', true), array('/user1/files/foo.txt', true, true, true),
array('/user1/files_versions/foo.txt', true), array('/user1/files_versions/foo.txt', true, true, true),
array('/user1/files_trashbin/foo.txt', true), array('/user1/files_trashbin/foo.txt', true, true, true),
array('/user1/some_folder/foo.txt', false), array('/user1/some_folder/foo.txt', true, true, false),
array('/user1/foo.txt', false), array('/user1/foo.txt', true, true, false),
array('/user1/files', false), array('/user1/files', true, true, false),
array('/user1/files_trashbin', false), array('/user1/files_trashbin', true, true, false),
array('/user1/files_versions', false), array('/user1/files_versions', true, true, false),
// test if shouldEncryptHomeStorage is set to false
array('/user1/files/foo.txt', false, true, false),
array('/user1/files_versions/foo.txt', false, false, true),
); );
} }